Supply Chain Security and Third Party Risk Program Summit

Thursday, September 29
9 am - 3:15 pm EDT

Managing the risk to an organization’s supply chain can prove difficult for even the best-staffed security department. This Summit will examine the myriad of risks to supply chains, including external suppliers and vendors as well as software and services.

Sessions in the summit will include the following:

9:00am – 10:00am - Cyber Defense and 3rd Parties: Reducing Cyber Risks in the Supply Chain
This presentation discusses the current state of the industry in Third Party Risk Management, with special attention paid to both the threats and risks stemming from modern Cyber Adversarial tactics. We'll examine what's working and what isn't, and present a framework for more effective ways to both identify risks to (and from) suppliers and how to mitigate these in a scalable manner.

Speaker: Eric Staffin, Vice President, Strategic Development Group, Blue Voyant

10:00am – 11:00am - Supply Chain Risk - It's Worse Than You Know

Growing tensions in Europe and Asia are increasing pressures on supply chains to the United States. The US Government estimates a supply chain base of over 300,000 companies, the majority of which are small to medium-sized businesses. Massive exfiltration of highly sensitive data resulted in the Government instituting the Cybersecurity Maturity Model Certification (CMMC). There remains significant confusion about what this actually means and the costs associated with conformance. In this session, the speaker will highlight common issues from over 25 assessments of government contractors, dispelling the myths of what business owners believe versus material facts and findings. Furthermore, Managed Services Providers are now in scope for CMMC assessments; learn how to make sure you are properly covered.

Speaker: Carter Schoenberg, VP, Cybersecurity, SoundWay Consulting Inc.

11:00am – 11:15am – Morning Break

11:15am – 12:15pm - IT Modernization – Are Supply Chain Security Programs AWOL?

As companies and government entities embark on their IT Modernization journeys, many are missing opportunities that secure cloud modernization can bring to their supply chain risk and security operations. Exploited supply chain risks are increasingly costly to organizations. How do you engage early to enable security by design and fortify your organization from supply chain risks?

Building security into infrastructure, automating compliance, and leveraging micro-intelligence services are just a few disciplines that should be incorporated into cloud and hybrid cloud environments. These can extend not only to protecting your enterprise from supply chain or third-party risks, but also to enabling built-in monitoring for vulnerabilities they may introduce. We’ll explore methods for securing infrastructure by design and how the industry is evolving toward the use of managed services to protect organizations from supply chain and third-party risks.

Speaker: Alice Fakir, Partner, Security Services, IBM

12:15pm – 1:15pm – Lunch

1:15pm – 2:15pm - Build Information Resilience into your Supply Chain and Save a Ton of Money

Every organization depends on a large number of suppliers, yet most organizations are struggling to properly address the issues related to supply chain vulnerabilities. This is one of the reasons Business Continuity Insurance premiums are getting increasingly expensive. In this presentation we will explore proven tools and approaches to enhance supply chain resilience. The most important tool for any successful company is an effective Governance System that systematically, reliably, and repeatedly provides desired outcomes. A Management System based on ISO (International Organization for Standardization) standards will provide a framework and set of requirements for such a Governance System. Business Continuity is not an option; it is an imperative for survival.

Speaker: Willy Fabritius, Global Head Strategy & Business Development Information Security Assurance, SGS




*Please note: This is not included in the Main Conference registration and requires a separate registration.
